Am I too paranoid?
Hi everyone,
My OpenClaw 1-click setup at Hostinger has caused almost nothing but trouble. Gateways crash and config resets. I don’t seem to be alone in this (https://www.reddit.com/r/Hostinger/comments/1r3j1wf/has_anyone_here_tried_running_openclaw_on_a/), but the thing that’s worrying me the most is that the preset configuration of the OpenClaw one-click install is set to:
gateway.controlUi.dangerouslyDisableDeviceAuth=true
gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true
The official OpenClaw preset is "false" and it should only be turned to "true" in emergency situations for a short time.
On my Hostinger setup though, the setting can’t be permanently changed to false via UI or shell because, according to Kodee, the Hostinger AI assistant, the setting seems to be hardcoded in an env or other data file linked in the .yaml of the OpenClaw Docker container. I’m honestly paranoid of even connecting via SFTP to see what’s in the files. That is because every time I set those two settings to false via .json config or via SSH, it reverts back to true on the next Docker container reboot. Hostinger has set it up that way. They set it up to be insecure as a standard, despite marketing it as "Hostinger VPS provides a private, self-hosted environment with high-complexity security generated by default."
wtaf...
I interrogated evasive Kodee, the Hostinger AI assistant, a bit, and he says Hostinger pulls their images from https://github.com/orgs/hostinger/packages/container/package/hvps-openclaw
which means their OpenClaw is probably modified. There are probably 5x as many releases compared to Peter Steinberg's GitHub if I do understand this correctly (I’m not a GitHub native and not a Linux native either), but then there is one :latest version that gets used by most people.
Hostinger probably modified the image to integrate their Nexos AI API and make it harder for people to switch to more effective APIs like OpenRouter. But even if that is the case, why would they set the standard configuration to unsafe?
What if the GitHub repo was compromised? That would not be the first time this happens to a company or developer, and such a popular OpenClaw provider would be a natural target.
I’m not going to pretend I have any experience with things like this (all I’ve been doing so far is hosting and scripting websites), but to me all of this looks just really strange.
I’d be grateful for feedback on whether I should be concerned with Hostinger’s security, or whether I’m just paranoid.
Any thoughts welcome!
Jules B
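One way to confirm the revert described in the post: snapshot the config right after editing it and again after the container restarts, then compare which "dangerously" options are enabled. This is an added example, not part of the original post and not OpenClaw or Hostinger code; it assumes the config is nested JSON mirroring the dotted names quoted above, and both sample snapshots are constructed.

```python
import json

# Assumption: the gateway config is nested JSON whose structure mirrors the
# dotted option names quoted in the post. Both snapshots are constructed.
EDITED = json.loads("""{"gateway": {"controlUi": {
    "dangerouslyDisableDeviceAuth": false,
    "dangerouslyAllowHostHeaderOriginFallback": false}}}""")
AFTER_RESTART = json.loads("""{"gateway": {"controlUi": {
    "dangerouslyDisableDeviceAuth": true,
    "dangerouslyAllowHostHeaderOriginFallback": true}}}""")


def flatten(node, prefix=""):
    """Yield (dotted_path, value) for every leaf in a nested config."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten(value, f"{prefix}.{key}" if prefix else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from flatten(value, f"{prefix}[{i}]")
    else:
        yield prefix, node


def is_enabled(value):
    """Treat JSON true and env-style strings ("true", "1") as enabled."""
    return value is True or str(value).strip().lower() in ("true", "1", "yes", "on")


def dangerous_flags(config):
    """Dotted paths of enabled options whose name starts with 'dangerously'."""
    return sorted(path for path, value in flatten(config)
                  if path.rsplit(".", 1)[-1].lower().startswith("dangerously")
                  and is_enabled(value))


def reverted(edited, running):
    """Flags that were off in the edited config but are on in the running one."""
    return sorted(set(dangerous_flags(running)) - set(dangerous_flags(edited)))


if __name__ == "__main__":
    for path in reverted(EDITED, AFTER_RESTART):
        print(f"REVERTED to true after restart: {path}")
```
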